The present invention relates generally to public key infrastructure and more particularly to obtaining status information relating to public key management certificate updates.
As is known, to securely transmit data from one party to another in a secured communications system, the data needs to be encrypted, via an encryption key and an encryption algorithm, and/or digitally signed. Such an encryption algorithm may be a symmetric key algorithm such as the data encryption standard ("DES") while the encryption key is a corresponding symmetric key. The sending party encrypts the data using the symmetric key algorithm and transmits the encrypted message over a transmission medium to a receiving party. Upon receiving the encrypted message, the receiving party decrypts the message using the same symmetric key, which must be transmitted to the receiving party or derived by the receiving party by some appropriate security means.
Encrypting data using public key algorithms is somewhat more expensive than using a symmetric key algorithm, but the cost, in many circumstances, is justified because of the difficulty in securely providing the symmetric key to both parties. To obtain the cost saving benefits of symmetric key encryption and the key distribution advantages of public/private key pairs, a wrapped session key is provided to the receiving party along with the data that is encrypted using the symmetric key. The wrapped session key is the symmetric key that has been encrypted using the public key (of the public/private key pair) of the receiving party. When the receiving party receives the encrypted message, it decrypts the wrapped session key using its private key to recapture the symmetric key. Having recaptured the symmetric key, the receiving party utilizes it to decrypt the message. Typically, symmetric keys are used for a relatively short duration (e.g., a communication, a set number of communications, an hour, a day, a few days, etc.), while encryption public keys are used for longer durations (e.g., a week, a month, a year, or more).
To further enhance security of data transmissions in the secured communication system, the sending party provides its digital signature with messages that it transmits. The signature of the sending party consists of a tag computed as a function of both the data being signed and the signature private key of the sender. The receiving party, using the corresponding signature verification public key of the sending party, which accompanies the message, can validate the signature. The signature public key certificate includes the signature public key of the sending party and a signature of the certification authority. The receiving party first verifies the signature of the certification authority using a locally stored trusted public key of the certification authority. Once the signature of the certification authority has been verified, the receiving party can trust any message that was signed by the certification authority. Thus, the signature public key certificate that the receiving party obtained is verified and the signature public key of the sending party can be trusted to verify the signature of the sending party of the message.
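The two-step check described above, as an added example that is not part of the original text: the receiver first verifies the certification authority's signature on the sender's certificate with a locally trusted CA key, and only then uses the certified key to verify the message. The unpadded toy RSA keys (built from Mersenne primes, not secure), the certificate layout and all names and values are assumptions constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_key(a, b):
    """Toy RSA key from Mersenne primes 2**a-1 and 2**b-1 (insecure, demo only)."""
    p, q = (1 << a) - 1, (1 << b) - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, data):
    # Unpadded hash-then-sign; a real system uses a padded scheme such as RSA-PSS.
    return pow(digest(data), priv["d"], priv["n"])

def verify(pub_n, data, sig):
    return pow(sig, E, pub_n) == digest(data)

def tbs(subject, pub_n):
    """Bytes the CA signs: the subject name bound to the subject's public key."""
    return f"{subject}|{pub_n:x}".encode()

def issue_cert(ca_priv, subject, pub_n):
    return {"subject": subject, "n": pub_n,
            "ca_sig": sign(ca_priv, tbs(subject, pub_n))}

def receive(trusted_ca_n, cert, message, msg_sig):
    # Step 1: check the CA's signature using the locally stored trusted CA key.
    if not verify(trusted_ca_n, tbs(cert["subject"], cert["n"]), cert["ca_sig"]):
        return "reject: certificate not signed by trusted CA"
    # Step 2: the certified key is now trusted; check the sender's signature.
    if not verify(cert["n"], message, msg_sig):
        return "reject: bad message signature"
    return "accept"

def demo():
    """Constructed scenario: a genuine sender, an altered message, a forged cert."""
    ca, alice, mallory = make_key(1279, 607), make_key(521, 127), make_key(2203, 89)
    msg = b"constructed sample message"
    cert = issue_cert(ca, "alice", alice["n"])
    good = receive(ca["n"], cert, msg, sign(alice, msg))
    altered = receive(ca["n"], cert, msg + b"!", sign(alice, msg))
    # Mallory signs her own certificate claiming to be alice; the CA never saw it.
    fake = issue_cert(mallory, "alice", mallory["n"])
    forged = receive(ca["n"], fake, msg, sign(mallory, msg))
    return good, altered, forged

if __name__ == "__main__":
    print(demo())
```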
As one can imagine, in a secured communication system that has several thousand users, keeping track of encryption keys and verification public keys of the end-users is a monumental task. For example, if the secured communication system is utilized by a large corporation which has 100,000 employees, or more, a certification authority needs to maintain accurate information regarding the encryption public key and the signature public key of each of the 100,000, or more, employees of the corporation. As with any large corporation, employees leave the company requiring their public keys to be deleted from the system, new employees are hired requiring new encryption and signature public keys to be issued, and employees lose their private keys requiring new keys to be issued. In the public key infrastructure environment, it is not uncommon for a certification authority to have to process several thousand public key updates, issues, and re-issues per day.
When a change to an end-user's public key occurs, the other end-users need to be informed of the change such that the end-user whose public key was changed can participate in secure communications. To inform the other end-users of the change, the certification authority issues a certificate revocation list and update messages. The certificate revocation list indicates the public keys that have been revoked, while the update messages are between a subscriber and its certification authority regarding the subscriber's public key certificates. Typically, the certification authority will issue the update messages and revocation list on a daily basis, or even less frequently.
As mentioned, for a relatively large secure communication system, thousands of public key changes may occur on a daily basis. To a typical end-user, however, only a few dozen, or less, public key changes will be of interest. Thus, even though a particular end-user may only be interested in a few dozen public key certificate changes, it receives the complete revocation list. To transmit the revocation list to tens of thousands of end-users creates a large amount of data traffic that degrades the overall efficiency of the secured communication system.
In addition to the large amount of data that is being transmitted, the revocation list includes data that is up to twenty-four hours old. As such, affected end-users are unable to receive encrypted messages and verify signatures for almost a day. In many secured communication systems, such a lapse of secure communication service is unacceptable. Therefore, a need exists for a method and apparatus that provides an end-user with public key certificate revocations regarding other end-users of interest without the data bandwidth requirements of the above mentioned revocation list.